From: Matthew Wilcox <willy@infradead.org>
To: syzbot <syzbot+97ef6376738cb5104a71@syzkaller.appspotmail.com>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, syzkaller-bugs@googlegroups.com,
kent.overstreet@gmail.com, hch@lst.de
Subject: Re: BUG: Bad page state (8)
Date: Mon, 1 Feb 2021 12:52:29 +0000 [thread overview]
Message-ID: <20210201125229.GO308988@casper.infradead.org> (raw)
In-Reply-To: <00000000000019201505ba43855e@google.com>
On Mon, Feb 01, 2021 at 02:07:22AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
Thank you, syzbot. This is legit. But annoying.
> BUG: Bad page state in process syz-executor.4 pfn:369c1
> page:0000000025f15602 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3d pfn:0x369c1
> flags: 0xfff00000020005(locked|uptodate|mappedtodisk)
> raw: 00fff00000020005 dead000000000100 dead000000000122 0000000000000000
> raw: 000000000000003d 0000000000000000 00000000ffffffff 0000000000000000
> page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Having the uptodate and mappedtodisk flags set is fine. It's the 'locked'
flag which is triggering the bug. Here's the code in question:
truncated:
error = AOP_TRUNCATED_PAGE;
put_page(page);
unlock:
unlock_page(page);
So we're going to unlock the page! But we actually have to unlock it first,
before the refcount goes to zero. Does anyone see a better way than this?
(Andrew, this is a fix to "mm/filemap: add filemap_range_uptodate")
diff --git a/mm/filemap.c b/mm/filemap.c
index bc4c9ac0ef4a..a945102b55c2 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2322,8 +2322,9 @@ static int filemap_update_page(struct kiocb *iocb,
put_page(page);
return error;
truncated:
- error = AOP_TRUNCATED_PAGE;
+ unlock_page(page);
put_page(page);
+ return AOP_TRUNCATED_PAGE;
unlock:
unlock_page(page);
return error;
next prev parent reply other threads:[~2021-02-01 12:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-01 10:07 BUG: Bad page state (8) syzbot
2021-02-01 12:52 ` Matthew Wilcox [this message]
2022-10-09 5:44 ` [syzbot] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210201125229.GO308988@casper.infradead.org \
--to=willy@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=hch@lst.de \
--cc=kent.overstreet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=syzbot+97ef6376738cb5104a71@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).